﻿<?php
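// Login error shown by the template further down; a single space means
// "no error" (the template compares $err against ' ').
$err = ' ';

// connect_db.php is expected to provide checkLoggedin() and getDB(); require
// stops here if it cannot be loaded rather than running on to an undefined call.
require('connect_db.php');

// NOTE(review): if this file is saved with a UTF-8 byte-order mark in front of
// the opening tag, the BOM is sent as output before every header() call below;
// without output buffering the redirects then fail with "headers already sent".

/* If already logged in, redirect to the homepage. */
if (checkLoggedin())
{
	header('Location: index.php');
	// header() only queues the redirect: stop here so the login handler and the
	// landing markup are not processed for an already-authenticated request.
	exit();
}

/* Otherwise check the submitted username and password against the database. */
if (isset($_POST['username'], $_POST['password']))
{
	$username = $_POST['username'];
	$password = $_POST['password'];
	$res = false;

	// Form fields can arrive as arrays (username[]=...). Only string values are
	// passed to sha1() and the bound parameters; anything else is treated as a
	// failed login.
	if (is_string($username) && is_string($password))
	{
		$dbconn = getDB();

		// Look up the per-user salt. An unknown username yields an empty salt so
		// the hash and the second query still run, as for a known user.
		$salt_stmt = $dbconn->prepare('SELECT salt FROM users WHERE username=:username');
		$salt_stmt->execute(array(':username' => $username));
		$salt_row = $salt_stmt->fetch();
		$salt = ($salt_row) ? $salt_row['salt'] : '';

		// NOTE(review): salted SHA-1 is a fast hash and does little to slow offline
		// guessing if the users table leaks. Moving to password_hash() /
		// password_verify() needs a stored-hash migration (for example rehashing on
		// the next successful login), which cannot be done from this file alone.
		$salted = sha1($salt . $password);

		// Both values are bound parameters, so request data never becomes part of
		// the SQL text.
		$login_stmt = $dbconn->prepare('SELECT * FROM users WHERE username=:username AND password=:password');
		$login_stmt->execute(array(':username' => $username, ':password' => $salted));

		$res = $login_stmt->fetch();
	}

	if ($res) {
		// Issue a fresh session id at the point of authentication so an id that
		// existed before login is not carried into the logged-in session.
		// NOTE(review): presumably connect_db.php starts the session - confirm.
		if (session_id() !== '') {
			session_regenerate_id(true);
		}

		$_SESSION['loggedin'] = true;
		$_SESSION['id'] = $res['id'];
		$_SESSION['lastname'] = $res['lastname'];
		$_SESSION['firstname'] = $res['firstname'];
		$_SESSION['username'] = $res['username'];
		// The privilege level is copied at login time; a later change in the
		// database is not reflected in this session until the next login.
		$_SESSION['privilege'] = $res['privilege'];
		$_SESSION['last_login'] = $res['last_login'];
		header('Location: index.php');
		exit();
	}
	else
	{
		// Same message for an unknown user and a wrong password, so the response
		// text does not reveal which usernames exist.
		$err = 'Incorrect username or password.';
	}
}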
?>

<?php include('templates/landing/header.php'); ?>

<div id="body">
	<div class="content">
		<div class="home">
			<div class="photos">
				<div class="small">
					<h3>Welcome to RentTracker!</h3>
					<p>We are mediators and peacemakers.</p>
					<p>We are about equipping roommates with the ability to track shared household bills.</p>
					<p>We aim to help roommates communicate about finances in the home.</p>
					<p>We wish to see conflicts minimized by making finances transparent.</p>
					<p>We like to equip people with resources to manage their budgets.</p>
				</div>

			</div>

			<div class="forms">
				<div class="switch">
			
						<a href="login.php" id="login_button" class="type" style="display: none">Log in</a><a href="register.php" id="register_button" class="type" style="">Register</a>
				</div>

				<form action="login.php" method=post accept-charset="utf-8" id="login_form" style="">
					<div>
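						<?php if ($err !== ' ') { ?>
						<div class="errors">
							<?php /* Encode on output so the message stays inert HTML even if it later carries request data. */ ?>
							<p><?php echo htmlspecialchars($err, ENT_QUOTES, 'UTF-8'); ?></p>
						</div>
						<?php } ?>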
						<div class="errors clear">
						</div>
							<input type=text name="username">
							<input type=password name="password">
						<input name="" value="Log in" type="submit">
						<a href="forgot_password.php" id="forgot_password" class="small">Forgot password</a>
					</div>
				</form>
				<form action="register.php" method="post" accept-charset="utf-8" id="register_form" style="display: none">
					<div>
						<div class="errors clear"> 
						</div>
						<input name="reg_email" value="Email address" id="reg_email" type="text">
						<input style="display: none;" name="reg_password" value="" id="reg_password" type="password">
						<input name="reg_temp_password" value="Password" id="reg_temp_password" style="" type="text">
						<input style="display: none;" name="reg_password_confirm" value="" id="reg_password_confirm" type="password">
						<input name="reg_temp_password_confirm" value="Confirm password" id="reg_temp_password_confirm" style="" type="text">
						<input name="" value="Register" type="submit">
					</div>
				</form>                     

				<form action="forgot_password.php" method="post" accept-charset="utf-8" id="forgot_password_form" style="display: none">
					<div>
						<div class="errors clear">
						</div>
							<input name="forgot_email" value="Email address" id="forgot_email" type="text">
							<input name="" value="Reset Password" type="submit">
						</div>
				</form>
				<br>
			</div>
		</div>

	</div>
</div>

<?php include('templates/landing/footer.php'); ?>